WHAT IS CLAIMED IS:

1. A system comprising:
    a communications engine for establishing a communications link with a client;
    security means coupled to the communications engine for determining client privileges;
    a servlet host engine coupled to the security means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
    a keysafe for storing a key which enables access to the secured service.

2. The system of claim 1, wherein the communications engine uses SSL technology to create a secure communications link with the client.

3. The system of claim 1, wherein the communications engine negotiates an encryption protocol for transferring messages to and from the client.
4. The system of claim 1, wherein the communications engine uses public key certificates for transferring messages to and from the client.



5. The system of claim 1, wherein the security means uses public key certificates to authenticate the client.



6. The system of claim 1, wherein the security means examines client identity and the level of authentication to determine client privileges.

7. The system of claim 1, wherein the security means examines a global certificate to authenticate the client.

8. The system of claim 1, wherein the security means uses digital signature technology to authenticate the client.



9. The system of claim 1, wherein the servlet host engine forwards to the client a security applet for enabling the client to perform a security protocol recognized by the security means.

10. The system of claim 1, wherein the service is secured by a corporate firewall and the key is configured to enable communication through the firewall.

11. The system of claim 1, further comprising a global firewall for protecting the system.

12. The system of claim 1, further comprising a service address for identifying the location of the secured service.






13. The system of claim 1, wherein the applet provides to the client a direct connection with the secured service.

14. The system of claim 1, further comprising a proxy in communication with the secured service, and wherein the applet enables I/O with the proxy.

15. A method comprising the steps of:
    establishing a communications link with a client;
    determining client privileges;
    providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
    retrieving a key which enables access to the secured service.






16. The method of claim 15, wherein establishing a communications link includes the step of using SSL technology to create a secure communications link with the client.

17. The method of claim 15, wherein establishing a communications link includes the step of negotiating an encryption protocol for transferring messages to and from the client.



18. The method of claim 15, wherein establishing a communications link includes the step of using public key certificates for transferring messages to and from the client.

19. The method of claim 15, wherein determining client privileges includes the step of using public key certificates to authenticate the client.

20. The method of claim 15, wherein determining client privileges includes the step of examining client identity and the level of authentication to determine client privileges.

21. The method of claim 15, wherein determining client privileges includes the step of examining a global certificate to authenticate the client.



22. The method of claim 15, wherein determining client privileges includes the step of using digital signature technology to authenticate the client.

23. The method of claim 15, wherein establishing a communications link includes forwarding to the client a security applet for enabling the client to perform a recognized security protocol.



24. The method of claim 15, further comprising the step of using the key to communicate through a firewall to the secured service.

25. The method of claim 15, wherein the method is performed by a global server and further comprising using a global firewall to protect the global server.

26. The method of claim 15, further comprising using a service address to identify the location of the secured service.






27. The method of claim 15, wherein providing includes the step of providing to the client a direct connection with the secured service.




28. The method of claim 15, further comprising using a proxy in communication with the secured service, and wherein providing includes enabling I/O with the proxy.

29. A system comprising:
    means for establishing a communications link with a client;
    means for determining client privileges;
    means for providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
    means for retrieving a key which enables access to the secured service.

30. A computer-based storage medium storing a program for causing a computer to perform the steps of:
    establishing a communications link with a client;
    determining client privileges;
    providing to the client, based on the client privileges, an applet which enables I/O with a secured service; and
    retrieving a key which enables access to the secured service.